nanog mailing list archives
Re: ISP port blocking practice
From: Franck Martin <franck () genius com>
Date: Mon, 6 Sep 2010 13:13:35 +1200 (FJT)
In many countries, the presence of bots consumes a non-trivial amount of bandwidth. In developing countries, this is a non-trivial amount of $$$ (http://mobile.slashdot.org/story/10/09/05/1620212/UN-Tech-Group-Finds-Most-Expensive-Broadband)

Blocking port 25 helps identify which hosts are consuming bandwidth (likely to have a bot). Identifying and removing these hosts from the network is crucial and economically viable, unfortunately these are skills sometimes not available in such countries.

Just saying...

----- Original Message -----
From: "Patrick W. Gilmore" <patrick () ianai net>
To: "North American Operators' Group" <nanog () nanog org>
Sent: Monday, 6 September, 2010 12:11:16 PM
Subject: Re: ISP port blocking practice

Composed on a virtual keyboard, please forgive typos.

On Sep 6, 2010, at 1:36, Claudio Lapidus <clapidus () gmail com> wrote:

Hello all,

On Fri, Sep 3, 2010 at 11:30 PM, Ricky Beam <jfbeam () gmail com> wrote:

If I block port 25 on my network, no spam will originate from it. (probably) The spammers will move on to a network that doesn't block their crap. As long as there are such open networks, spam will be rampant. If, overnight, every network filtered port 25, spam would all but disappear. But spam would not completely disappear -- it would just be coming from known mailservers :-) thus enters outbound scanning and the frustrated user complaints from poorly tuned systems...

That probably won't be the case. Here recently we conducted a rather comprehensive analysis on dns activity from subscribers, and we've found that in IP ranges that already have outgoing 25 blocked we were still getting complaints about originating spam. It turned out that the bots also know how to send through webmail, so port 25 blocking is rendered ineffective there.

I believe you have confused "not 100% effective" with "ineffective".

And webmail is but one additional vector. Bots know how to use smarthosts, corporate e-mail, triangulation, etc. If you gave up on each because one step did not solve the problem, you would have no chance at a solution.

When you unblocked port 25, did spam complaints go up or down? There are a great many providers who have evidence that port 25 blocking lowers complaints even if there are bots that know their way around it.

Second, assume you can wave a magic wand and block all webmail access. Do you honestly believe the bots will not use port 25 to send spam directly?

Security requires layers. And it is a bit shocking how many people do not realize this.

--
TTFN,
patrick
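
An added example, not part of the original thread: one way an operator could use the hits on an outbound port 25 block to shortlist subscriber hosts that are likely running a bot, as the message above suggests. The log format, addresses and thresholds are constructed assumptions, not taken from any poster's network.

```python
import re
from collections import defaultdict

# Constructed sample of firewall deny-log lines (hypothetical format and addresses).
SAMPLE_LOG = """\
2010-09-06T01:00:01 DENY tcp src=10.1.1.23 dst=192.0.2.10 dport=25
2010-09-06T01:00:02 DENY tcp src=10.1.1.23 dst=198.51.100.7 dport=25
2010-09-06T01:00:02 DENY tcp src=10.1.1.40 dst=192.0.2.25 dport=25
2010-09-06T01:00:03 DENY tcp src=10.1.1.23 dst=203.0.113.5 dport=25
2010-09-06T01:00:04 DENY tcp src=10.1.1.77 dst=192.0.2.99 dport=445
2010-09-06T01:00:05 DENY tcp src=10.1.1.40 dst=192.0.2.25 dport=25
2010-09-06T01:00:06 DENY tcp src=10.1.1.88 dst=198.51.100.31 dport=25
2010-09-06T01:00:07 DENY tcp src=10.1.1.23 dst=192.0.2.44 dport=25
2010-09-06T01:00:08 DENY tcp src=10.1.1.40 dst=192.0.2.25 dport=25
2010-09-06T01:00:09 DENY tcp src=10.1.1.88 dst=203.0.113.60 dport=25
2010-09-06T01:00:10 DENY tcp src=10.1.1.77 dst=192.0.2.12 dport=25
2010-09-06T01:00:11 DENY tcp src=10.1.1.23 dst=198.51.100.90 dport=25
2010-09-06T01:00:12 DENY tcp src=10.1.1.40 dst=192.0.2.25 dport=25
2010-09-06T01:00:13 DENY tcp src=10.1.1.88 dst=192.0.2.71 dport=25
"""

LINE_RE = re.compile(
    r"DENY tcp src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

def suspect_hosts(log_text, min_attempts=3, min_distinct_dsts=3):
    """Rank sources by blocked outbound port 25 attempts.

    Assumed heuristic: a misconfigured mail client retries one smarthost,
    while a spam bot fans out to many different mail servers, so a host is
    flagged only if it has enough attempts AND enough distinct destinations.
    Returns [(src, attempts, distinct_destinations)], busiest first.
    """
    attempts = defaultdict(int)
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("dport") != "25":
            continue  # ignore unparsable lines and blocks on other ports
        attempts[m.group("src")] += 1
        destinations[m.group("src")].add(m.group("dst"))
    flagged = [
        (src, attempts[src], len(destinations[src]))
        for src in attempts
        if attempts[src] >= min_attempts
        and len(destinations[src]) >= min_distinct_dsts
    ]
    return sorted(flagged, key=lambda row: (-row[1], row[0]))
```

Hosts that send through webmail or a smarthost never hit the block and so never appear in this log, which is the "not 100% effective" gap discussed in the thread.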